Cyber Security Month Kickoff event

Brussels, 30 September 2016

Welcome Sébastien de Brouwer, EBF Executive Director

Welcome speeches Wim Mijs, Chief Executive, EBF Steve Purser, Head of Core Operations, ENISA Olivier Burgersdijk, Integrated Data Management, Europol

Ken Ducatel, Director, DIGIT

European Cyber Security Month (ECSM) Kick-Off Brussels, 30 September

Other obstacles • Lack of digital skills • Lack of awareness on cyber risks

Welcome speeches Wim Mijs, Chief Executive, EBF Steve Purser, Head of Core Operations, ENISA Olivier Burgersdijk, Integrated Data Management, Europol

Ken Ducatel, Director, DIGIT

European Cyber Security Month Cyber Aware Executive Seminar 30 September 2016

19 September 2016

Ken Ducatel

Director of IT Security DG DIGIT Ken DUCATEL, Director DIGIT S Ilkka SALMI, Director DGEuropean HR DS Commission

The programme

Thank you! [email protected]

Break 15 ‘

National campaign coordinators Moderator: Vangelis Stavropoulos, Project Coordinator, ENISA France: Anne-Charlotte Brou, Agence nationale de la sécurité des systèmes d’information (ANSSI) Germany: Hanna Heuer, Federal Office for Information Security (BSI) Luxembourg: Daniele Bisdorff, Ministère de l'économie du Luxembourg Netherlands: Marjolijn Durinck, Platform voor de Informatiesamenleving (ECP) Norway: Peggy Heie, Norsk senter for informasjonssikring (NorSIS)

Mois européen de la cybersécurité #ECSM

ECSM in France Events Online activities

17 +

10 +

activities registered

participants

Coordination of the event in France ANSSI

Agence nationale de la sécurité des systèmes d’information ECSM Kick off event – Brussels – September 2016

2

ANSSI Created in 2009, ANSSI ensures the security and defence of State information systems and contributes to that of National Operators of Vital Importance (OIV). Prevent the threat by anticipating modes of attack through scientific expertise, defining protective measures and by certifying trusted IT products and services

ECSM Kick off event – Brussels – September 2016

Three major duties

Inform Defend information systems by detecting weaknesses and incidents and by reacting as early as possible in case of a cyberattack, providing its technical assistance and expertise

various audiences, raising awareness of the necessary protection of digital environments, promoting best practices for cyber security and by issuing technical recommendations

3

ECSM Activities in Germany

Activities by BSI Online survey In cooperation with the German police we ask for the second time private users about their behaviour regarding cyber-security. Online information We publish an animated video and further information on each weekly topic. Cyber-security ABC On Facebook we explain terms regarding cyber-threads to raise awareness.

Hanna Heuer | ECSM in Germany | 30.09.2016 | Page 2

Activities in Germany Project office A project office asked different organisations to take part in this year’s ECSM – either with activities or as multiplicator. Registered activities A wide range of activities was registered, from webinars to live-hacking demonstrations, from public discussions to intern awareness campaigns. Partners Among the partners are companies as well as public institutions and organisations.

Hanna Heuer | ECSM in Germany | 30.09.2016 | Page 3

Contact with ENISA

Contact with national ministry (financing structure)

Coordination of media attention and PR (research results)

Organising CSM: coordination tasks

Toolkit with material for partners:

Coordination partners : -192 partners, all with events, activities, newsletters, tools

Website with agenda of all activities and tips

• • • •

Posters Flyers Online test Video’s

Norwegian Centre for Information Security is an independent, expert, non-profit organization committed to promoting awareness and effective cyber security measures, practice and policy. We informs on cyber threats, advice people violated online, and facilitate activities and events promoting effective cyber security practice

Free online service giving practical advice on cyber security and netiquette to Norwegian residents and SMEs

Free advisory service for those who feel offended or experience violation of rights online

Network of women working for a safe and secure internet and appropriate cyber security policies

Annual national campaign to raise attention on cyber threats and effective cyber security practices

NorSIS employees have broad knowledge and experience in cyber security. Our primary audience is small and medium size enterprises and Norwegian residents. We cooperate with enterprises in both public and private sector to increase knowledge on sound cyber security practice, motivate enterprises to take social online responsibility and improve national cyber resilience. Through a network of experts NorSIS produces, analyses and disseminates knowledge on cyber security and the cyber security culture.

The Norwegian Cyber Security Culture

Survey Report published 28. september

Bilder: Maria Nyheim

The Norwegian Cyber Security Culture survey Don’t believe security updates made by individuals will contribute to secure the internet.

Says they knowingly violate security rules because of functionality.

Will report cyber crime to the police but do they?

Think they know how to behave safe online.

Uses the same password everywhere – 19 % have different passwords on different services.

Keep their computer updated, 18% does not.

Security in Banking Moderator: Keith Gross, Chair EBF, Cyber Security WG Wien De Geyter, Secretary General, Febelfin Senan Moloney, VP Cyber Threat Intelligence, Barclays Koen Hermans, Public Prosecutor, Eurojust

Peter, Kerstens, Advisor for Financial Sector Cybersecurity, DG FISMA

Safe internetbanking by Febelfin The story behind our campaigns

Wien De Geyter – Secretary General

Cyber Security Month Kick-off Event 30/09/2016

Who is Febelfin?

We represent 260 members, by: - defining positions - lobbying - providing info, counsel & training - communicating Cyber Security Month Kick-off Event 30/09/2016

5 years of campaign

Amazing Mindreader

See how easily freaks can take over your life

If you have some doubts, you’d better stop

Cyber Security Month Kick-off Event 30/09/2016

2013: 1,772 fraud cases

Why?

2012: 1,003 fraud cases 2011: 94 fraud cases 2010: 1 fraud case

Cyber Security Month Kick-off Event 30/09/2016

Amazing Mindreader

Your entire life is online & might be used against you…

Cyber Security Month Kick-off Event 30/09/2016

Amazing Mindreader

YouTube campaign

Launched in September 2012

+Many awards

Target group: 45-66

Goal: creating awareness about the danger of sharing information on the internet Cyber Security Month Kick-off Event 30/09/2016

See how easily freaks can take over your life

Your life might be taken over! Cyber Security Month Kick-off Event 30/09/2016

See how easily freaks can take over your life

YouTube campaign

Launched in July 2013

Best campaign of 2013 (European Excellence Awards)

Target group: 45-66

Message of general interest on TV

Launched in October 2013

Reach: 50% of BE population

Target group: youngsters, elder people, families

Goal: creating awareness about the danger of phishing

Cyber Security Month Kick-off Event 30/09/2016

If you have some doubts, you’d better stop

Cyber Security Month Kick-off Event 30/09/2016

If you have some doubts, you’d better stop

Message of general interest on TV

Launched in August 2014

Reach: 50% of Belgian population

Target group: youngsters, elder people, families

Bannering

Launched in August 2014

Visible in bank branches, on ATM’s, on website banks,…

Focus on phishing: from awareness to action Cyber Security Month Kick-off Event 30/09/2016

Result: a shut down of number of fraud cases 2013: 1,772 fraud cases

2014: 277 fraud cases 2015: 283 fraud cases Cyber Security Month Kick-off Event 30/09/2016

• Silver Effie Award • Consumer Insight Award

Cyber Security Month Kick-off Event 30/09/2016

We go for zero

www.safeinternetbanking.be Cyber Security Month Kick-off Event 30/09/2016

Febelfin vzw/asbl Belgian Financial Sector Federation www.febelfin.be

Cybersecurity Awareness Month October 2016 Outreach and Awareness Cyber Security Operations Centre (CSOC) Global Information Security (GIS)

Internal Only

Cybersecurity Awareness Month • To reduce our vulnerability to cyber attacks and to enable a Go-To bank in cyberspace, the GIS Awareness Cyber Awareness month has been created to enable and support an ongoing learning environment. • Supported by key stakeholders, globally and locally delivered the Cyber Security Awareness Month will consolidate the delivery of cyber training and awareness and expand to include the cyber security issues faced by end users in a quick, non-invasive, accessible structure that leads to a more secure cyber security savvy global society. • Visit and contribute to discussions on the Cyber Awareness Month MySite community and encourage your teams to register for exciting and informative events:

Week 1 – Protect – Defending the bank, its customers and our colleagues. Defend the Barclays estate, our customers, and our employees from cybercrime attacks that lead to unacceptable data breaches, destruction of key digital information, and monetary loss.

Week 2 - Enable – Enabling the Business Transportation to Digital & Mobile Enable our business areas to deliver our unique financial services in a timely manner and secure manner.

Week 3 - Innovate – Designing Tomorrow’s Cyber Defences GIS and our partners will be dedicated to the innovation of the next generation cyber security software and hardware so we can deliver stronger and safer applications and platforms than our competitors.

Week 4 - Educate – Enabling Global Cyber Resilience Education is the basic foundation and the platform of all our activities. We embed security in our business culture and DNA and have great respect for our corporate social responsibilities. Educating our colleagues through training is a key part in our strategy

2 | Phishing Education v2 | 10 June 2016 Cybersecurity Awareness Month Internal Only

Cybersecurity Awareness Month • Over 80 events have been organised globally for our 140,000 colleagues to actively participate in. • Over 500 Cyber Champions based in 41 countries have registered as ambassadors to spread the word about cyber security. • A dedicated intranet site has been put together to showcase the month across Barclays. • All events are available in person and remotely for colleagues to dial into globally. • All events are being recorded to enable colleagues to watch the session after it has taken place. • The month long initiative includes the following activities: • • • • • • •

Hackathons Competitions Guest Speaker Sessions Murder Mystery Workshops Town Halls Conferences

3 | Phishing Education v2 | 10 June 2016 Cyber Cybersecurity Champions Awareness Update Month Internal Only

Cybersecurity Awareness Month Plan

4 | Phishing Education v2 | 10 June 2016 Cyber Champions Update Cybersecurity Awareness Month Internal Only

Eurojust The European Union’s Judicial Cooperation Unit

EUROPEAN MONEY MULE ACTION EMMA

Koen Hermans – Vice Chair Cybercrime Taskforce Eurojust / Public Prosecutor

STRUCTURE: I II III IV V

EMPACT WHY? HOW? RESULTS FUTURE

I EMPACT EU multi-annual policy cycle: EMPACT Priority threats -> Operational action plans (OAP’s) to combat threats European Money Mule Action (EMMA) is a pilot OAP under the EMPACT flag targeting Money Mules

4

II WHY MONEY MULES? Organisation Financial Cybercrime Group

* picture: Kaspersky

5

II WHY MONEY MULES? Essential chain in Cyber Organised Crime Group (OCG) Money muling is one of the most commonly used methods for transferring fraudulent money Aim: target essential chain - related to money laundering - in Cyber OCG 6

III HOW? - judgments - out of court settlements

Courts Prosecutors

- other interventions

- investigations - analysis - acquiring info

Investigators Prosecutors

Banking Sector

- information

7

III HOW? Crucial:

I

Private – public cooperation

II

Involvement of prosecution, investigators and banking sector is crucial

III

Retribution (individual prevention)

IV

General prevention: awareness campaign 8

III HOW? Operational and Coordination Meetings at Europol and Eurojust Discussing:

-

Acquiring and sharing information; Money laundering legislation; Aligning different actions; Action day; Media campaign. 9

III HOW? Action week 22 – 26 February 2016 Belgium, Denmark, Greece, the Netherlands, the United Kingdom, Romania, Spain and Portugal Plus support from Moldova Eurojust, Europol and European Banking Federation (EBF) 10

IV RESULTS • 838 fraudulent transactions reported

• 673 money mules identified • 75 banks involved • 198 interrogations • 81 arrests 11

IV RESULTS More than 90% linked to Cybercrime

phishing malware online shopping fraud other

12

IV RESULTS

13

V FUTURE • More countries • More banks • Improve sharing information banking sector – law enforcement and judicial authorities 14

THANK YOU FOR YOUR ATTENTION

15

Mobile Malware Moderator: Olivier Burgersdijk, Integrated Data Management, Europol Michael Shaulov, Head of products, Mobile & Cloud Security, Check Point Software Technologies Senan Moloney, VP Cyber Threat Intelligence, Barclays

Tomislav Vazdar, Chief Security Officer & Head of Corporate Security, Erste & Steiermärkische bank Daniel Lawrence, Detective Inspector, NPCC National Cyber Crime PROTECT Coordinator, CERT UK

Cyber awareness Moderator: Jakub Boratynski, Head of Cybersecurity and Digital Privacy, DG CNECT Dr. Veronica Donoso, Executive Director, INHOPE Dr. Hans Martens, Insafe network coordinator, European Schoolnet

Erka Koivunen, Cyber Security Advisor, F-Secure Corporation William O'Connell, Chief Business Security Officer, ADP

Closing remarks Steve Purser, Head of Operations, ENISA

FS ISAC & EBF signing MoU

Networking lunch